Vulnerabilities (CVE)

Filtered by vendor Froxlor Subscribe

Filtered by product Froxlor

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-42325	1 Froxlor	1 Froxlor	2021-11-26	7.5 HIGH	9.8 CRITICAL
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
CVE-2015-5959	1 Froxlor	1 Froxlor	2017-09-07	5.0 MEDIUM	9.8 CRITICAL
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
CVE-2016-5100	1 Froxlor	1 Froxlor	2017-02-24	5.0 MEDIUM	9.8 CRITICAL
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.